[87206] in North American Network Operators' Group


Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

daemon@ATHENA.MIT.EDU (Micheal Patterson)
Fri Dec 9 17:02:25 2005

From: "Micheal Patterson" <micheal@tsgincorporated.com>
To: "Douglas Otis" <dotis@mail-abuse.org>,
	"Todd Vierling" <tv@duh.org>
Cc: "Steven J. Sobol" <sjsobol@JustThe.net>,
	"Geo." <geoincidents@nls.net>, <nanog@merit.edu>
Date: Fri, 9 Dec 2005 16:01:48 -0600
Errors-To: owner-nanog@merit.edu




----- Original Message ----- 
From: "Douglas Otis" <dotis@mail-abuse.org>
To: "Todd Vierling" <tv@duh.org>
Cc: "Steven J. Sobol" <sjsobol@JustThe.net>; "Geo." <geoincidents@nls.net>; 
<nanog@merit.edu>
Sent: Friday, December 09, 2005 1:58 PM
Subject: Re: SMTP store and forward requires DSN for integrity (was 
Re:Clueless anti-virus )


>
>
> On Dec 9, 2005, at 10:15 AM, Todd Vierling wrote:
>>
>>    1. Virus "warnings" to forged addresses are UBE, by definition.
>
> This definition would be making at least two of the following 
> assumptions:
>
> 1) Malware detection has a 0% false positive.
> 2) Lack of DSN for email falsely detected containing malware is okay.
> 3) Purported malware should be assumed to use a forged return-path.
> 4) The return-path can be validated prior to accepting a message.
> 5) SMTP should appear to be point-to-point.
> 6) MTAs with AV filters are the only problem.

Case in point, Doug. Current versions of Sober.U are sending mail from: 
?@c-24-19-xx-xx.hsd1.wa.comcast.net  (xx's to hide the actual host).
I have a slew of these in my detected malware folder. I suppose that you'd 
prefer, by your reasoning, that I be sending DSNs to these addresses, 
knowing full well that they won't make it and will just clutter up Comcast's SMTP 
gateway with DSNs. I'm sure that they'd like that very much.

Mike P.

